Personally Identifiable Information Secure Person-To-Person Payment Technology

Maintaining personally identifiable information (PII) security is important for all entities that accept, store, process, or transmit payment information. PII is information that can be utilized to identify or trace an individual's identity including, but not limited to, name, address, social security number, biometric data, or date of birth. Maintaining PII security can be costly or otherwise difficult to achieve.

Personally identifiable information (PII) secure person-to-person (P2P) payment technology is described herein. Through the described technology, a P2P payment can be made using a token primary account number (PAN), allowing for a single product to be used for contactless payments, e-commerce payments, and P2P payments. When an account or payment card is digitized using an enhanced processing platform, the enhanced processing platform issues a token PAN which represents but is not directly a user's actual primary account number and can be used for P2P payments.

The introduction of the described token PAN allows for a P2P payment to made without sharing PII data. Indeed, unlike personal contact information conventionally used in a P2P payment, such as a personal mobile number, email address, or username, the described token PAN is not personally identifiable information. Thus, overall exposure risk for PII data can be reduced.

In some aspects, the techniques described herein relate to one or more computer-readable storage media having instructions stored thereon that when executed by a processing system, direct the processing system to: receive, from a sender, a P2P transfer request including at least a receiver token PAN corresponding to a receiver account of a receiver; obtain a sender token PAN corresponding to a sender account of the sender; communicate, to an enhanced processing platform, a P2P transfer advice request including at least the sender token PAN and the receiver token PAN; receive, from the enhanced processing platform, an account authorization message including at least a sender account number corresponding to the sender account and a receiver account number corresponding to the receiver account; and provide, to a receiver account holding institution (AHI) system via a payment network, funds to be transferred from the sender account associated with the sender account number to the receiver account associated with the receiver account number.

This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

Personally identifiable information (PII) secure person-to-person (P2P) payment technology is described herein. Through the described technology, a P2P payment can be made using a token primary account number (PAN), allowing for a single product to be used for contactless payments, e-commerce payments, and P2P payments. When an account or payment card is digitized using an enhanced processing platform, the enhanced processing platform issues a token PAN which represents but is not directly a user's actual primary account number and can be used for P2P payments.

The introduction of the described token PAN allows for a P2P payment to made without sharing PII data. Indeed, unlike personal contact information conventionally used in a P2P payment, such as a personal mobile number, email address, or username, the described token PAN is not personally identifiable information. Thus, overall exposure risk for PII data can be reduced.

The enhanced processing platform can receive, from a sender account holding institution (AHI) system, a P2P transfer advice request comprising at least a sender token PAN and a receiver token PAN. The enhanced processing platform can identify a sender account number from a token vault using the sender token PAN; and identify a receiver account number from the token vault using the receiver token PAN. The enhanced processing platform can communicate, to the sender AHI system, an account authorization message comprising at least the sender account number and the receiver account number.

In the case of a receiver-initiated (Pull) PII secure P2P payment, before receiving the P2P transfer advice request, the enhanced processing system can receive, from a receiver AHI system, a P2P pull transfer advice request comprising at least the sender token PAN and the receiver token PAN; and communicate the P2P pull transfer advice request to the sender AHI system.

P2P payments are just one of the various mobile and digital payment solutions that exist in the payment industry. Other examples include, but are not limited to, contactless payments, in-application payments, and e-commerce payments.

P2P payments allow for the electronic transfer of funds between two users. Conventionally, a mobile phone number, email address, or username is used to initiate the process through an online or mobile P2P payment application. The initiating user of a P2P payment can be either the sender or the receiver.

As an illustrative example of a conventional sender-initiated P2P payment, the sender links funds to a P2P account, either through a bank account or payment card account. To connect to other users and transfer funds, the sender also provides personal contact information, such as a username, a phone number, or an email address. When the sender is ready to initiate a P2P payment, the sender can enter contact information for the recipient, as well as the amount of funds to transfer. The funds are then debited from the sender's account and credited to the recipient's account.

Contactless payments allow for a user to purchase products or services with a computing device (e.g., a chip embedded on a payment card or a mobile device with a wallet application) using, for example, RFID technology or near-field communication (NFC). Contactless payments work by holding a payment card or digital wallet above a point-of-sale (POS) terminal. Thus, contactless payments do not require any physical contact between the user's device or payment card and the POS terminal.

E-commerce payments allow for the payment of goods and services through electronic systems, such as the Internet. E-commerce payments can be made, for example, through an e-commerce website or electronic environment without any need to use cash or check.

In-app payments allow for the purchase of goods and services from inside an application on a mobile device.

While a P2P payment is a person-to-person payment solution, contactless payments, in-app payments, and e-commerce payments are examples of person-to-merchant payment solutions. Person-to-merchant payment solutions utilize a payment ecosystem that facilitates mobile and digital payments based on the use of token PANS.

That is, for person-to-merchant payments, accounts, such as a bank account or payment card account, are digitized using a digitization platform. The process of digitization can include tokenization. Tokenization is the process of replacing a primary account number (PAN) with a unique alternate card number, or “token. ” These token PANs can be used for contactless payments, in-app payments, or e-commerce and do not expose any actual account details. Conventionally, tokens operate behind the scenes, thus, users do not know any details about their token PAN numbers. The generation and use of these tokens enable simpler, more secure digital payment experiences.

With the described PII secure P2P payment technology, when an account or payment card is digitized using enhanced processing platform, the enhanced processing platform issues a token PAN which, in addition to person-to-merchant payments, can be used for P2P payments. Advantageously, instead of asking the account holding institution (AHI) to send the consumer's corresponding personal contact information for a P2P payment, the described techniques allow a consumer to use that issued token PAN.

The described technology enables the existing person-to-merchant ecosystem to perform additional functionality, including allowing a consumer to use an issued token PAN for P2P payments. The introduction of the described token PAN allows for a single product to be used for contactless payments, Ecommerce payments, and P2P payments.

Conventionally, in a person-to-merchant ecosystem, a user can pay a merchant that is a part of the corresponding card acceptance network over the card rails and settle account to account using their bank account. As described herein, a conventional transaction infrastructure for person-to-merchant transactions is modified to enable a user to pay another person or entity who does not have connectivity into that transaction infrastructure and corresponding card acceptance network.

An “account” refers to an account, such as, but not limited to, a bank account or a payment card account, held directly or indirectly by a financial institution.

An “account holding institution (AHI)” refers to a financial institution (e.g., a bank, savings association, credit union, or any other person) that directly or indirectly holds an account belonging to a consumer, or that issues an access device (e.g., bank card or credit card) and agrees with a consumer to provide electronic fund transfer services. In some cases, an AHI may be an issuer. An “issuer” refers to a bank system or other institution that provides payment cards to a cardholder.

A “merchant” refers to a provider of goods or services in exchange for payment. The merchant can be physically present at the sale or remote, such as an online retailer.

The terms “user” and “consumer” are used interchangeably herein. The term “personal account number” refers to a financial account number, such as, but not limited to, a bank account number, a PAN, and a payment card number. The terms “personal account number” and “account number” are used interchangeably herein. The terms “payment” and “transaction” are used interchangeably herein. As described herein, token PANs—which are distinct from the actual PANs—do not contain personally identifiable information (PII).

1 1 FIGS.A andB 1 FIG.A 110 115 120 125 130 140 150 155 160 165 illustrate example operating environments and signal flows for sender-initiated (Push) PII secure P2P payments. Referring to, an example operating environment can include a sender, a sender user device, a sender AHI application, a sender AHI system, an enhanced processing platform, a payment network, a receiver, a receiver user device, a receiver AHI application, and a receiver AHI system.

110 150 150 110 110 115 120 125 155 160 165 1 FIG.A The senderis a user that is sending a P2P payment to the receiver. The receiveris a user that is receiving the P2P payment from the sender. In the illustrative example of, the senderis initiating the P2P payment. The sender user deviceruns the sender AHI application, which is managed by the sender AHI system. The receiver user deviceruns the receiver AHI application, which is managed by the receiver AHI system.

115 155 A user device (e.g., the sender user deviceand the receiver user device) may be, but is not limited to, a personal computer, a laptop computer, a desktop computer, a tablet computer, a reader, a mobile device, a personal digital assistant, a smart phone, a gaming device or console, a wearable computer, a wearable computer with an optical head-mounted display, computer watch, a whiteboard, or a smart television.

125 165 An AHI system (e.g., the sender AHI systemand the receiver AHI system) can be a financial institution through which a user has an account. In some cases, an AHI system may be an issuer that provides a payment card to the user.

120 160 125 165 An AHI application (e.g., sender AHI applicationand the receiver AHI application) may be an application, such as a mobile banking application, managed by an AHI system (e.g., the sender AHI systemand the receiver AHI system).

140 140 The payment networkroutes payment information to the appropriate AHI system. The payment networkmay be a real time payment network.

130 The enhanced processing platformcan include or communicate with a digitization platform (not shown), an account processing platform (not shown), and one or more data resources, such as a token vault (not shown). The digitization platform is responsible for digitization and tokenization of forms of payment. The account processing platform supports the management of consumer accounts. The token vault refers to a repository where issued digitized payment tokens and corresponding personal account numbers and account reference numbers are securely stored.

110 150 130 130 130 130 115 155 An account of a consumer (e.g., the senderor the receiver) can be digitized for a virtual wallet/banking application for contactless or e-commerce payments and register with the enhanced processing platform. The virtual wallet application can be managed by an AHI system. When the account is being digitized, the AHI system can connect to the enhanced processing platformto facilitate the set-up. During digitization, the digitization platform of the enhanced processing platformissues a token PAN for the digitized account and passes that information to the account processing platform of the enhanced processing platform, which stores the consumer account information and token PANs in the token vault. The token PAN can be provisioned on the consumer's user device (e.g., the sender user deviceor the receiver user device) and made available to the consumer to use for contactless, e-commerce, and P2P payments.

6 FIG. A more detailed discussion of an enhanced processing platform and registration will be provided in.

Components (computing systems, storage resources, and the like) in the operating environment may operate on or in communication with each other over a communication network (not shown). The communication network can be, but is not limited to, a cellular network (e.g., wireless phone), a point-to-point dial up connection, a satellite network, the Internet, a local area network (LAN), a wide area network (WAN), a Wi-Fi network, an ad hoc network or a combination thereof. Such networks are widely used to connect various types of network elements, such as hubs, bridges, routers, switches, servers, and gateways. The communication network may include one or more connected networks (e.g., a multi-network environment) including public networks, such as the Internet, and/or private networks such as a secure enterprise private network. Access to the communication network may be provided via one or more wired or wireless access networks as understood by those skilled in the art.

Communication to and from the components, such as the AHI systems and the enhanced processing platform, may be carried out, in some cases, via application programming interfaces (APIs). An API is an interface implemented by a program code component or hardware component (hereinafter “API-implementing component”) that allows a different program code component or hardware component (hereinafter “API-calling component”) to access and use one or more functions, methods, procedures, data structures, classes, and/or other services provided by the API-implementing component. An API can define one or more parameters that are passed between the API-calling component and the API-implementing component. The API is generally a set of programming instructions and standards for enabling two or more applications to communicate with each other and is commonly implemented over the Internet as a set of Hypertext Transfer Protocol (HTTP) request messages and a specified format or structure for response messages according to a REST (Representational state transfer) or SOAP (Simple Object Access Protocol) architecture.

Conventionally, a receiver would provide a sender with personal contact information, such as a mobile phone number, email address, or username, for the sender to initiate a P2P payment. Advantageously, through the described techniques, no sharing of PII data (e.g., the personal contact information) is required. Instead, a receiver can provide a sender with a token PAN for the P2P payment as part of a sender-initiated (Push) PII secure P2P payment.

150 160 155 1 150 150 130 150 160 During an example sender-initiated (Push) PII secure P2P payment, the receivercan use the receiver AHI applicationon the receiver user deviceto retrieve a receiver token PAN, as reflected by flow. As described above, the receiver token PAN can be made available to the receiverwhen the receiverregisters with the enhanced processing platformand a receiver account is digitized. Thus, the receivercan pull up the receiver token PAN on the receiver AHI application. The receiver token PAN can be in the form of the receiver token PAN number or a quick response (QR) code.

150 110 2 150 110 The receivercan send the receiver token PAN to the sender, as reflected by flow. The receivercan send the receiver token PAN to the sendera variety of ways, such as, for example, via a text message, email, or display of a QR code.

110 110 120 115 3 110 110 Once the senderis provided the receiver token PAN, the sendercan initiate the P2P payment through the sender AHI applicationon the sender user device, as reflected by flow. The sendercan initiate the P2P payment a variety of ways. For example, the sendercan submit the receiver token PAN from an operation accessing the text message or email or from the scanning of the receiver's QR code.

110 115 110 120 115 125 4 1 FIG.A When the senderinitiates the P2P payment, the sender user devicereceives a P2P transfer request from the sender. The P2P transfer request includes at least the receiver token PAN. In the illustrative example of, the P2P transfer request is a request for a sender-initiated (Push) PII secure P2P payment. The sender AHI applicationon the sender user devicecan communicate the P2P transfer request to the sender AHI system, as reflected by flow.

125 130 5 110 110 130 125 The sender AHI systemcan communicate a P2P transfer advice request to the enhanced processing platform, as reflected by flow. The P2P transfer advice request includes at least the receiver token PAN and a sender token PAN. The P2P transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number. The sender token PAN can be a token PAN issued to the senderwhen the senderregisters with the enhanced processing platformand a sender account is digitized. The sender AHI systemcan obtain the sender token PAN before communicating the P2P transfer advice request.

130 6 The enhanced processing platformcan identify a sender account number corresponding to the sender account using the sender token PAN and a receiver account number corresponding to the receiver account using the receiver token PAN, as reflected by flow.

130 125 7 125 Once the account numbers are identified, the enhanced processing platformcan communicate an account authorization message to the sender AHI system, as reflected by flow. The account authorization message includes at least the sender account number and the receiver account number. The account authorization message authorizes the sender AHI systemto transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number.

125 140 165 8 The sender AHI systemcommunicates with the payment networkand the receiver AHI systemto transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number, as reflected by flow.

8 165 150 160 9 Once the funds have been transferred to the receiver's account as reflected by flow, the receiver AHI systemcan notify the receiverthat the funds have been deposited by providing a notification via the receiver AHI application, as reflected by flow.

1 FIG.B 1 FIG.A 110 115 125 130 140 150 155 160 165 170 175 Referring to, an example operating environment can include the sender, the sender user device, the sender AHI system, the enhanced processing platform, the payment network, the receiver, the receiver user device, the receiver AHI application, and the receiver AHI system, as described with respect for, as well as a third-party systemand a third-party application.

170 175 115 175 170 The third-party systemmay be a system or service that allows for mobile payments, such as P2P payments, to be made through the third-party application. Here, the sender user deviceis running the third-party application, which is managed by the third-party system.

110 150 150 110 110 175 155 160 165 1 FIG.B The senderis a user that is sending a P2P payment to the receiver. The receiveris a user that is receiving the P2P payment from the sender. In the illustrative example of, the senderis initiating the P2P payment through the third-party application. The receiver user deviceruns the receiver AHI application, which is managed by the receiver AHI system.

1 FIG.A 115 155 As described in, a user device (e.g., the sender user deviceand the receiver user device) may be, but is not limited to, a personal computer, a laptop computer, a desktop computer, a tablet computer, a reader, a mobile device, a personal digital assistant, a smart phone, a gaming device or console, a wearable computer, a wearable computer with an optical head-mounted display, computer watch, a whiteboard, or a smart television.

1 FIG.A 125 165 160 165 140 As described in, an AHI system (e.g., the sender AHI systemand the receiver AHI system) can be a financial institution through which a user has an account. In some cases, an AHI system may be an issuer that provides a payment card to the user. An AHI application (e.g., the receiver AHI application) may be an application, such as a mobile banking application, managed by an AHI system (e.g., the receiver AHI system). The payment networkroutes payment information to the appropriate AHI system and may be a real time payment network.

1 FIG.A 130 As described in, the enhanced processing platformcan include or communicate with a digitization platform (not shown), an account processing platform (not shown), and one or more data resources, such as a token vault (not shown). The digitization platform is responsible for digitization and tokenization of forms of payment. The account processing platform supports the management of consumer accounts. The token vault refers to a repository where issued digitized payment tokens and corresponding personal account numbers and account reference numbers are securely stored.

1 FIG.A 110 150 130 130 130 130 115 155 As described in, an account of a consumer (e.g., the senderor the receiver) can be digitized for a virtual wallet/banking application for contactless or e-commerce payments and register with the enhanced processing platform. The virtual wallet application can be managed by an AHI system. When the account is being digitized, the AHI system can connect to the enhanced processing platformto facilitate the set-up. During digitization, the digitization platform of the enhanced processing platformissues a token PAN for the digitized account and passes that information to the account processing platform of the enhanced processing platform, which stores the consumer account information and token PANs in the token vault. The token PAN can be provisioned on the consumer's user device (e.g., the sender user deviceor the receiver user device) and made available to the consumer to use for contactless, e-commerce, and P2P payments.

6 FIG. A more detailed discussion of an enhanced processing platform and registration will be provided in.

150 160 155 1 150 150 130 150 160 During an example sender-initiated (Push) PII secure P2P payment, the receivercan use the receiver AHI applicationon the receiver user deviceto retrieve a receiver token PAN, as reflected by flow. As described above, the receiver token PAN can be made available to the receiverwhen the receiverregisters with the enhanced processing platformand a receiver account is digitized. Thus, the receivercan pull up the receiver token PAN on the receiver AHI application. The receiver token PAN can be in the form of the receiver token PAN number or a QR code.

150 110 2 150 110 The receivercan send the receiver token PAN to the sender, as reflected by flow. The receivercan send the receiver token PAN to the sendera variety of ways, such as, for example, via a text message, email, or display of a QR code.

110 110 175 115 3 110 110 175 110 150 150 110 Once the senderis provided the receiver token PAN, the sendercan initiate the P2P payment through the third-party applicationon the sender user device, as reflected by flow. The sendercan initiate the P2P payment a variety of ways. For example, the sendercan submit the receiver token PAN from an operations accessing the text message or email or from scanning of the receiver's QR code. Conventionally, the third-party applicationwould require the senderto provide personal contact information, such as a mobile phone number, email address, or username, of the receiverto initiate a sender-initiated (Push) PII secure P2P payment. Advantageously, through the described techniques, no sharing of PII data (e.g., the personal contact information) is required. Instead, the receiverand the sendercan share a token PAN for the P2P payment.

110 115 110 175 115 170 4 1 FIG.B When the senderinitiates the P2P payment, the sender user devicereceives a P2P transfer request from the sender. The P2P transfer request includes at least the receiver token PAN. In the illustrative example of, the P2P transfer request is a request for a sender-initiated (Push) PII secure P2P payment. The third-party applicationon the sender user devicecan communicate the P2P transfer request to the third-party system, as reflected by flow.

170 130 5 110 110 130 170 The third-party systemcan communicate a P2P transfer advice request to the enhanced processing platform, as reflected by flow. The P2P transfer advice request includes at least the receiver token PAN and a sender token PAN. The P2P transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number. The sender token PAN can be a token PAN issued to the senderwhen the senderregisters with the enhanced processing platformand a sender account is digitized. The third-party systemcan obtain the sender token PAN before communicating the P2P transfer advice request.

130 6 The enhanced processing platformcan identify a sender account number using the sender token PAN corresponding to the sender account using the sender token PAN and a receiver account number corresponding to the receiver account using the receiver token PAN, as reflected by flow.

6 130 125 7 a In some cases, once the account numbers are identified in flow, the enhanced processing platformcommunicates an account authorization message to the sender AHI systemcorresponding to the sender account number, as reflected by flow.

6 130 170 170 125 7 b In some cases, once the account numbers are retrieved in flow, the enhanced processing platformcommunicates an account authorization message to the third-party systemand the third-party systemthen communicates the account authorization message to the corresponding sender AHI system, as reflected by flow.

125 The account authorization message includes at least the sender account number and the receiver account number and authorizes the sender AHI systemto transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number.

125 140 165 8 The sender AHI systemcommunicates with the payment networkand the receiver AHI systemto transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number, as reflected by flow.

8 165 150 160 9 Once the funds have been transferred to the receiver's account as reflected by flow, the receiver AHI systemcan notify the receiverthat the funds have been deposited by providing a notification via the receiver AHI application, as reflected by flow.

2 FIG. 2 FIG. 1 FIG.A 110 115 120 125 130 140 150 155 160 165 illustrates an example operating environment and signal flow for receiver-initiated (Pull) PII secure P2P payments. Referring to, an example operating environment can include the sender, the sender user device, the sender AHI application, the sender AHI system, the enhanced processing platform, the payment network, the receiver, the receiver user device, the receiver AHI application, and the receiver AHI system, as described with respect to.

110 150 150 110 150 115 120 125 155 160 165 2 FIG. The senderis a user that is sending a P2P payment to the receiver. The receiveris a user that is receiving the P2P payment from the sender. In the illustrative example of, the receiveris initiating the P2P payment. The sender user deviceruns the sender AHI application, which is managed by the sender AHI system. The receiver user deviceruns the receiver AHI application, which is managed by the receiver AHI system.

1 FIG.A 115 155 As previously described with respect to, a user device (e.g., the sender user deviceand the receiver user device) may be, but is not limited to, a personal computer, a laptop computer, a desktop computer, a tablet computer, a reader, a mobile device, a personal digital assistant, a smart phone, a gaming device or console, a wearable computer, a wearable computer with an optical head-mounted display, computer watch, a whiteboard, or a smart television.

1 FIG.A 125 165 120 160 125 165 140 As previously described with respect to, an AHI system (e.g., the sender AHI systemand the receiver AHI system) can be a financial institution through which a user has an account. In some cases, an AHI system may be an issuer that provides a payment card to the user. An AHI application (e.g., sender AHI applicationand the receiver AHI application) may be an application, such as a mobile banking application, managed by an AHI system (e.g., the sender AHI systemand the receiver AHI system). The payment networkroutes payment information to the appropriate AHI system and may be a real time payment network.

1 FIG.A 130 As previously described with respect to, the enhanced processing platformcan include or communicate with a digitization platform (not shown), an account processing platform (not shown), and one or more data resources, such as a token vault (not shown). The digitization platform is responsible for digitization and tokenization of forms of payment. The account processing platform supports the management of consumer accounts. The token vault refers to a repository where issued digitized payment tokens and corresponding personal account numbers and account reference numbers are securely stored.

1 FIG.A 110 150 130 130 130 130 115 155 As previously described in, an account of a consumer (e.g., the senderor the receiver) can be digitized for a virtual wallet/banking application for contactless or e-commerce payments and register with the enhanced processing platform. The virtual wallet application can be managed by an AHI system. When the account is being digitized, the AHI system can connect to the enhanced processing platformto facilitate the set-up. During digitization, the digitization platform of the enhanced processing platformissues a token PAN for the digitized account and passes that information to the account processing platform of the enhanced processing platform, which stores the consumer account information and token PANs in the token vault. The token PAN can be provisioned on the consumer's user device (e.g., the sender user deviceor the receiver user device) and made available to the consumer to use for contactless, e-commerce, and P2P payments.

6 FIG. A more detailed discussion of an enhanced processing platform and registration will be provided in.

Conventionally, a sender would provide a receiver with personal contact information, such as a mobile phone number, email address, or username, for the receiver to initiate a P2P payment. Advantageously, through the described techniques, no sharing of PII data (e.g., the personal contact information) is required. Instead, a sender can provide a receiver with a token PAN for the P2P payment as part of a receiver-initiated (Push) PII secure P2P payment.

110 150 1 110 110 130 110 120 150 110 150 During an example receiver-initiated (Push) PII secure P2P payment, the sendercan send the sender token PAN to the receiver, as reflected by flow. As described above, the sender token PAN is made available to the senderwhen the senderregistered with the enhanced processing platformand a sender account was digitized. Thus, the sendercan pull up the sender token PAN on the sender AHI applicationand provide it to the receiver. The sender token PAN can be in the form of the sender token PAN number or a QR code. The sendercan send the sender token PAN to the receivera variety of ways, such as, for example, via a text message, email, or display of the QR code.

150 160 155 2 150 150 The receivercan initiate the P2P payment through the receiver AHI applicationon the receiver user device, as reflected by flow. The receivercan initiate the P2P payment a variety of ways. For example, the receivercan submit the sender token PAN from an operation accessing the text message or email or from the scanning of the sender's QR code.

150 155 150 110 160 155 165 3 When the receiverinitiates the P2P payment, the receiver user devicereceives a P2P pull transfer request from the receiver. The P2P pull transfer request includes at least the sender token PAN corresponding to the sender. The receiver AHI applicationon the receiver user devicecan communicate the P2P pull transfer request to the receiver AHI system, as reflected by flow.

165 130 4 5 130 125 150 150 130 165 130 The receiver AHI systemcan communicate a P2P pull transfer advice request to the enhanced processing platform, as reflected by flow. Then, as reflected by flow, the enhanced processing platformcommunicates the P2P pull transfer advice request to the sender AHI system. The P2P pull transfer advice request includes at least the sender token PAN and a receiver token PAN. The P2P pull transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number. The receiver token PAN can be a token PAN issued to the receiverwhen the receiverregisters with the enhanced processing platformand a receiver account is digitized. The receiver AHI systemcan obtain the receiver token PAN before communicating the P2P pull transfer advice request to the enhanced processing platform.

125 110 120 6 110 120 7 The sender AHI systemcan notify the sender, via the sender AHI application, of the P2P pull transfer request, as reflected by flow. The sendercan confirm the P2P payment via the sender AHI application, as reflected by flow.

110 7 115 110 120 115 125 8 When the senderconfirms the P2P payment in flow, the sender user devicecan receive a P2P transfer request from the sender. The P2P transfer request includes at least the receiver token PAN. The sender AHI applicationon the sender user devicecan communicate the P2P transfer request to the sender AHI system, as reflected by flow.

125 130 9 The sender AHI systemcan communicate a P2P transfer advice request to the enhanced processing platform, as reflected by flow. The P2P transfer advice request includes at least the receiver token PAN and the sender token PAN. The P2P transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number.

130 10 The enhanced processing platformcan identify a sender account number corresponding to the sender account using the sender token PAN and a receiver account number corresponding to the receiver account using the receiver token PAN, as reflected by flow.

130 125 11 125 Once the account numbers are identified, the enhanced processing platformcan communicate an account authorization message to the sender AHI system, as reflected by flow. The account authorization message includes at least the sender account number and the receiver account number. The account authorization message authorizes the sender AHI systemto transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number.

125 140 165 12 The sender AHI systemcommunicates with the payment networkand the receiver AHI systemto transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number, as reflected by flow.

12 165 150 160 13 Once the funds have been transferred to the receiver's account as reflected by flow, the receiver AHI systemcan notify the receiverthat the funds have been deposited by providing a notification via the receiver AHI application, as reflected by flow.

3 FIG. 3 FIG. 7 FIG. 300 700 illustrates an example process carried out by a sender AHI system according to an embodiment of the invention. Referring to, a sender AHI system, performing process, can be implemented by a system embodied as described with respect to systemshown in.

300 300 1 FIG.A 1 FIG.B Processmay be implemented in the example operating environment shown in. In some cases, processmay be implemented in the example operating environment shown in. In this case, the sender AHI system is a third-party system, such as a third-party P2P payment system.

300 302 302 3 1 FIG.A Referring to process, the sender AHI system can receive () a P2P transfer request from a sender. The P2P transfer request is a request for a sender-initiated (Push) PII secure P2P payment. The P2P transfer request can include at least a receiver token PAN corresponding to a receiver account of a receiver. The receiver token PAN can be issued to the receiver when the receiver registers with the enhanced processing platform and the receiver account is digitized. An example of operationcan be performed with flowof. In some cases, the receiver toke PAN received in the P2P transfer request is received in the form of a QR code.

304 The sender AHI system can obtain () a sender token PAN corresponding to a sender account of the sender. The sender token PAN is a token PAN issued to the sender when the sender registers with the enhanced processing platform and a sender account is digitized.

In some cases, the P2P transfer request includes a sender identifier. The sender identifier may be, for example, an identifier associated with a sender user device. In this case, the sender AHI system can obtain the sender token PAN using the sender identifier. In some cases, the P2P transfer request includes the sender token PAN. In this case, the sender AHI system can obtain the sender token PAN from the P2P transfer request.

306 306 5 1 FIG.A The sender AHI system can communicate () a P2P transfer advice request to an enhanced processing platform. The P2P transfer advice request includes at least the receiver token PAN and the sender token PAN. The P2P transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number. An example of operationcan be performed with flowof.

308 308 7 1 FIG.A The sender AHI system can receive () an account authorization message from the enhanced processing platform. The account authorization message includes at least a sender account number corresponding to the sender account and a receiver account number corresponding to the receiver account. The account authorization message authorizes the sender AHI system to transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number. An example of operationcan be performed with flowof.

310 310 8 1 FIG.A The sender AHI system can provide () the funds to be transferred from the sender account associated with the sender account number to the receiver account associated with the receiver account number to a receiver AHI system via a payment network. An example of operationcan be performed with flowof.

4 FIG. 4 FIG. 7 FIG. 2 FIG. 400 700 400 illustrates an example process carried out by a receiver AHI system according to an embodiment of the invention. Referring to, a receiver AHI system, performing process, can be implemented by a system embodied as described with respect to systemshown in. Processmay be implemented in the example operating environment shown in.

400 402 402 2 2 FIG. Referring to process, the receiver AHI system can receive () a P2P pull transfer request from a receiver. The P2P pull transfer request is a request for a receiver-initiated (Pull) PII secure P2P payment. The P2P pull transfer request can include at least a sender token PAN corresponding to a sender account of a sender. The sender token PAN can be issued to the sender when the sender registers with the enhanced processing platform and the sender account is digitized. An example of operationcan be performed with flowof. In some cases, the sender token PAN received in the P2P pull transfer request is received in the form of a QR code.

404 The receiver AHI system can obtain () a receiver token PAN corresponding to a receiver account of the receiver. The receiver token PAN can be issued to the receiver when the receiver registers with the enhanced processing platform and the receiver account is digitized.

In some cases, the P2P pull transfer request includes a receiver identifier. The receiver identifier may be, for example, an identifier associated with a receiver user device. In this case, the receiver AHI system can obtain the receiver token PAN using the receiver identifier. In some cases, the P2P pull transfer request includes the receiver token PAN. In this case, the receiver AHI system can obtain the receiver token PAN from the P2P pull transfer request.

406 406 4 2 FIG. The receiver AHI system can communicate () a P2P pull transfer advice request to an enhanced processing platform. The P2P pull transfer advice request includes at least the sender token PAN and the receiver token PAN. The P2P pull transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number. An example of operationcan be performed with flowof.

408 408 12 2 FIG. The receiver AHI system can receive () the funds to be transferred from the sender account to the receiver account from a sender AHI system via a payment network. The sender account is associated with the sender account number and the receiver account is associated with the receiver account number. An example of operationcan be performed with flowof.

410 410 13 2 FIG. The receiver AHI system can provide () a notification that the funds have been transferred to the receiver account. The notification can be provided to the receiver through a receiver AHI application. An example of operationcan be performed with flowof.

5 FIG. 5 FIG. 6 FIG. 7 FIG. 605 500 700 illustrates an example process carried out by an enhanced processing platform according to an embodiment of the invention. Referring to, an enhanced processing platform (e.g., the enhanced processing platformas described with respect to) , performing process, can be implemented by a system embodied as described with respect to systemshown in.

500 500 1 FIG.A 2 FIG. 1 FIG.B The enhanced processing platform can include or communicate with a digitization platform, an account processing platform, and a token vault. Processmay be implemented in the example operating environment shown inor. In some cases, processmay be implemented in the example operating environment shown in. In this case, the sender AHI system is a third-party system, such as a third-party P2P payment system.

Conventionally, the account processing platform of the enhanced processing platform provides a person-to-merchant payment solution that allows a consumer to pay a merchant using either a payment card via a debit card PAN or a bank account via a bank account number.

Through the described techniques, the account processing platform can act as an orchestration or a mapping layer that allows for an AHI system to tokenize bank accounts as well as payment card accounts. Indeed, the enhanced processing platform manages mappings of tokens to both bank account numbers and payment card numbers contained within the token vault.

The account processing platform can provide real time payment and ACH infrastructure and can act as a real time payment processor on behalf of an AHI system. This allows a consumer to not only make contactless and e-commerce payments, but also P2P payments, via a debit transaction or via an account to account, real time payments transaction. Indeed, the introduction of the described token PAN allows for a single product to be used for contactless payments, e-commerce payments, and P2P payments.

500 502 502 5 5 1 FIG.A 2 FIG. Referring to process, the enhanced processing platform can receive () a P2P transfer advice request from a sender AHI system. The P2P transfer advice request includes at least a sender token PAN corresponding to a sender account and a receiver token PAN corresponding to a receiver account. The P2P transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number. Examples of operationcan be performed with flowofand flowof.

502 5 1 FIG.B In some cases, the enhanced processing platform receives the P2P transfer advice request from a third-party system, such as a third-party P2P payment system. In this case, an example of operationcan be performed with flowof.

Conventionally, a token PAN would not be used to make P2P payments. Indeed, a P2P transfer advice request would not include the token PAN. Instead, PII data, such as personal contact information, would be sent with the P2P transfer advice request to make a P2P payment. The PII data is used to identify the corresponding linked account number. For example, in a conventional P2P payment solution, a receiver's email address can be sent with the P2P transfer advice request and used to identify the linked receiver account number.

504 506 The enhanced processing platform can identify () a sender account number corresponding to the sender account using the sender token PAN and identify () a receiver account number corresponding to the receiver account using the receiver token PAN. Advantageously, PII data is not required by the enhance processing platform in order to identify an account number.

504 506 504 506 6 10 1 1 FIGS.A andB 2 FIG. To identify () the sender account number and identify () the receiver account number, the account processing platform of the enhanced processing platform can retrieve the sender account number and receiver account number from the token vault using the corresponding token PANs. That is, the enhanced processing platform can communicate with the token vault to detokenize the digitized token PANs to determine the corresponding account numbers. Examples of operationsandcan be performed with flowofand flowof.

508 508 7 7 11 1 FIG.A 1 FIG.B 2 FIG. a The enhanced processing platform can communicate () an account authorization message to the sender AHI system. The account authorization message includes at least the sender account number and the receiver account number. The account authorization message authorizes the sender AHI system to transfer the funds from the sender account associated with the sender account number to the receiver account associated with the receiver account number. An example of operationcan be performed with flowof, flowof, and flowof.

508 508 7 b 1 FIG.B In the case where the enhanced processing platform receives the P2P transfer advice request from the third-party system, the enhanced processing platform can communicate () an account authorization message to the third-party system and the third-party system can communicate that authorization message to the corresponding sender AHI system. In this case, an example of operationcan be performed with flowof.

502 4 2 FIG. In some cases, the P2P payment is an example receiver-initiated (Push) PII secure P2P payment. In this case, before receiving the P2P transfer advice request in operation, the enhanced processing platform can receive a P2P pull transfer advice request from a receiver. The P2P pull transfer advice request includes at least the sender token PAN and the receiver token PAN. The P2P pull transfer advice request is a request to translate the sender token PAN into the corresponding sender account number and the receiver token PAN into the corresponding receiver account number. An example of this can be performed at flowof.

5 2 FIG. The enhanced processing platform can then communicate the P2P pull transfer advise request to the sender AHI system. An example of this can be performed at flowof.

6 FIG. 6 FIG. 605 610 615 620 630 630 630 640 640 640 illustrates an example operating environment for PII secure P2P payment processing. Referring to, an example operating environment can include an enhanced processing platform, a digitization platform, an account processing platform, a token vault, an AHI system(e.g., AHI 1 systemA and AHI 2 systemB) , and an AHI wallet server(e.g., AHI 1 wallet serverA and AHI 2 wallet serverB) .

605 610 615 620 The enhanced processing platform, includes or communicates with the digitization platform, the account processing platform, and the token vault.

610 615 The digitization platformis responsible for digitization and tokenization of forms of payment. The account processing platformsupports the management of consumer accounts.

615 630 615 630 The account processing platformcan act as an orchestration or a mapping layer that allows for an AHI systemto tokenize bank accounts as well as payment card accounts. The account processing platformcan provide real time payment and ACH infrastructure and can act as a real time payment processor on behalf of an AHI system. This allows a consumer to pay via a debit transaction or via an account to account, real time payments transaction. The described techniques leveraging the payment rails to allow a token PAN to flow over a card payment rails in the authorization leg and then allow the consumer to settle in either real time payments or card.

620 650 605 A token vault refers to a repository where issued digitized payment tokens and corresponding personal account numbers and account reference numbers are securely stored. In the example operating environment, the token vaultincludes one or more data sets, including digitized datathat contains mappings of tokens to both bank account numbers and payment card account numbers. Advantageously, while the enhanced processing platformhas access to account data, there is no access to PII data to map that account data to an actual consumer. Thus, reducing risk of identity theft.

630 630 630 640 640 640 The AHI system(e.g., AHI 1 systemA and AHI 2 systemB) includes or communicates with the AHI wallet server(e.g., AHI 1 wallet serverA and AHI 2 wallet serverB) .

640 630 The AHI wallet servercan host a virtual wallet application. A virtual wallet application stores payment card information, which can be used to make contactless payments or e-commerce payments. Each AHI systemcan manage a virtual wallet application.

630 605 630 605 An AHI systemcan register with the enhanced processing platform. For example, an AHI systemcan provide consumer information and corresponding bank account information to the enhanced processing platform.

640 605 610 615 620 An account of a consumer can be digitized for a virtual wallet/banking application for contactless or e-commerce payments. When the account is being digitized, the AHI wallet servercan connect to the enhanced processing platform. During digitization, the digitization platformissues a token PAN for the digitized account and passes that information to the account processing platform, which stores the consumer account information and token PANs in the token vault. The token PAN can be provisioned on the consumer's user device and made available to the consumer to use for contactless, e-commerce, and P2P payments. Advantageously, using the issued token PAN for P2P payments allows consumers and AHI systems to provide a P2P payment solution where the consumer does not need to share account information with a sender/receiver.

7 FIG. 7 FIG. 700 700 illustrates components of a computing system that may be used in certain embodiments described herein. Referring to, systemmay be implemented within a single computing device or distributed across multiple computing devices or sub-systems that cooperate in executing program instructions. The systemcan include one or more blade server devices, standalone server devices, personal computers, routers, hubs, switches, bridges, firewall devices, intrusion detection devices, mainframe computers, network-attached storage devices, and other types of computing devices. The system hardware can be configured according to any suitable computer architectures such as a Symmetric Multi-Processing (SMP) architecture or a Non-Uniform Memory Access (NUMA) architecture.

700 710 720 730 710 The systemcan include a, which may include one or more processors and/or other circuitry that retrieves and executes softwarefrom storage system. Processing systemmay be implemented within a single processing device but may also be distributed across multiple processing devices or sub-systems that cooperate in executing program instructions.

730 710 720 730 730 710 730 700 720 Storage system(s)can include any computer readable storage media readable by processing systemand capable of storing software. Storage systemmay be implemented as a single storage device but may also be implemented across multiple storage devices or sub-systems co-located or distributed relative to each other. Storage systemmay include additional elements, such as a controller, capable of communicating with processing system. Storage systemmay also include storage devices and/or sub-systems on which data is stored. Systemmay access one or more storage resources in order to access information to carry out any of the processes indicated by software.

720 300 400 500 700 710 700 710 Software, including routines for performing processes, such as processfor a sender AHI system, processfor a receiver AHI system, or processfor an enhanced processing platform, may be implemented in program instructions and among other functions may, when executed by systemin general or processing systemin particular, direct the systemor processing systemto operate as described herein.

700 In embodiments where the systemincludes multiple computing devices, the server can include one or more communications networks that facilitate communication among the computing devices. For example, the one or more communications networks can include a local or wide area network that facilitates communication among the computing devices. One or more direct communication links can be included between the computing devices. In addition, in some cases, the computing devices can be installed at geographically distributed locations. In other cases, the multiple computing devices can be installed at a single geographic location, such as a server farm or an office.

740 700 A communication interfacemay be included, providing communication connections and devices that allow for communication between systemand other computing systems (not shown) over a communication network or collection of networks (not shown) or the air.

700 In some embodiments, systemmay host one or more virtual machines.

Alternatively, or in addition, the functionality, methods, and processes described herein can be implemented, at least in part, by one or more hardware modules (or logic components) . For example, the hardware modules can include, but are not limited to, application-specific integrated circuit (ASIC) chips, field programmable gate arrays (FPGAs) , system-on-a-chip (SoC) systems, complex programmable logic devices (CPLDs) and other programmable logic devices now known or later developed. When the hardware modules are activated, the hardware modules perform the functionality, methods and processes included within the hardware modules.

It should be understood that as used herein, in no case do the terms “storage media,” “computer-readable storage media” or “computer-readable storage medium” consist of transitory carrier waves or propagating signals. Instead, “storage”media refers to non-transitory media.

Although the subject matter has been described in language specific to structural features and/or acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as examples of implementing the claims and other equivalent features and acts are intended to be within the scope of the claims.